URL: https://iobit.com

Full analysis: https://app.any.run/tasks/2f81c9c4-f0de-4777-a4a7-3d07204b33c2
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: January 10, 2021, 15:14:17
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags: adware, trojan

Indicators:
MD5: 3953473EA37CB80BA3238021A9F3947D
SHA1: 3D272562F7A6EFE7C5DC45F796AD4BDE5B006605
SHA256: 4CDE9FA6E302B725AD256ED5E5398825685F120DD303AE94C6BBF061B8F6D734
SSDEEP: 3:N8izI:2ik

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Application was dropped or rewritten from another process

      • advanced-systemcare-setup.exe (PID: 316)
      • advanced-systemcare-setup.exe (PID: 1968)
      • Setup.exe (PID: 3548)
      • advanced-systemcare-setup.exe (PID: 3268)
      • ASCInit.exe (PID: 3356)
      • ASCService.exe (PID: 2220)
      • Register.exe (PID: 1948)
      • DiskDefrag.exe (PID: 3480)
      • BrowserCleaner.exe (PID: 2016)
      • LocalLang.exe (PID: 3040)
      • PPUninstaller.exe (PID: 3452)
      • PrivacyShield.exe (PID: 3956)
      • RealTimeProtector.exe (PID: 624)
      • RealTimeProtector.exe (PID: 2912)
      • RealTimeProtector.exe (PID: 2852)
      • smBootTime.exe (PID: 3648)
      • smBootTimebase.exe (PID: 612)
      • smBootTime.exe (PID: 3288)
      • UninstallInfo.exe (PID: 3172)
      • smBootTime.exe (PID: 1532)
      • Display.exe (PID: 580)
      • ASC.exe (PID: 1540)
      • BrowserProtect.exe (PID: 3432)
      • Monitor.exe (PID: 2232)
      • smBootTime.exe (PID: 308)
      • AutoSweep.exe (PID: 2184)
      • ASCTray.exe (PID: 3096)
      • ASCFeature.exe (PID: 2964)
      • AutoUpdate.exe (PID: 2876)
      • ASCFeature.exe (PID: 2740)
      • ASCVER.exe (PID: 3008)
      • BrowserCleaner.exe (PID: 1764)
      • ActionCenterDownloader.exe (PID: 1696)
      • AutoCare.exe (PID: 3580)
      • IObitLiveUpdate.exe (PID: 3312)
      • startupInfo.exe (PID: 2716)
      • ugin.exe (PID: 3660)
      • iTopSetup.exe (PID: 2296)
      • ugin.exe (PID: 2248)
      • icop32.exe (PID: 2264)
      • ugin.exe (PID: 1720)
      • iTopVPN.exe (PID: 3424)
      • unpr.exe (PID: 2860)
      • iTopVPN.exe (PID: 3016)
      • ugin.exe (PID: 3068)
      • smBootTime.exe (PID: 3320)
      • smBootTime.exe (PID: 3092)
      • ugin.exe (PID: 3896)
      • smBootTime.exe (PID: 3512)
      • atud.exe (PID: 3244)
      • aud.exe (PID: 3676)
      • aud.exe (PID: 3420)
      • register.exe (PID: 1484)
      • MonitorDisk.exe (PID: 3988)
      • AutoCare.exe (PID: 2088)
    • Drops executable file immediately after start

      • advanced-systemcare-setup.exe (PID: 1968)
      • advanced-systemcare-setup.exe (PID: 316)
      • advanced-systemcare-setup.tmp (PID: 900)
      • advanced-systemcare-setup.exe (PID: 3268)
      • advanced-systemcare-setup.tmp (PID: 2500)
      • iTopSetup.exe (PID: 2296)
      • iTopSetup.tmp (PID: 3772)
      • ugin.exe (PID: 2248)
    • Actions look like stealing of personal data

      • advanced-systemcare-setup.tmp (PID: 900)
      • smBootTimebase.exe (PID: 612)
      • ASCService.exe (PID: 2220)
      • PPUninstaller.exe (PID: 3452)
      • AutoCare.exe (PID: 2088)
      • ASC.exe (PID: 1540)
    • Loads dropped or rewritten executable

      • ASCInit.exe (PID: 3356)
      • Register.exe (PID: 1948)
      • ASCService.exe (PID: 2220)
      • smBootTimebase.exe (PID: 612)
      • PPUninstaller.exe (PID: 3452)
      • RealTimeProtector.exe (PID: 2912)
      • RealTimeProtector.exe (PID: 624)
      • smBootTime.exe (PID: 1532)
      • RealTimeProtector.exe (PID: 2852)
      • smBootTime.exe (PID: 3288)
      • BrowserCleaner.exe (PID: 2016)
      • PrivacyShield.exe (PID: 3956)
      • regsvr32.exe (PID: 1548)
      • smBootTime.exe (PID: 3648)
      • UninstallInfo.exe (PID: 3172)
      • Display.exe (PID: 580)
      • Setup.exe (PID: 3548)
      • BrowserProtect.exe (PID: 3432)
      • ASC.exe (PID: 1540)
      • Monitor.exe (PID: 2232)
      • smBootTime.exe (PID: 308)
      • ASCTray.exe (PID: 3096)
      • AutoSweep.exe (PID: 2184)
      • ASCFeature.exe (PID: 2740)
      • AutoUpdate.exe (PID: 2876)
      • ASCVER.exe (PID: 3008)
      • BrowserCleaner.exe (PID: 1764)
      • ASCFeature.exe (PID: 2964)
      • AutoCare.exe (PID: 3580)
      • startupInfo.exe (PID: 2716)
      • IObitLiveUpdate.exe (PID: 3312)
      • explorer.exe (PID: 292)
      • unpr.exe (PID: 2860)
      • smBootTime.exe (PID: 3092)
      • iTopVPN.exe (PID: 3016)
      • smBootTime.exe (PID: 3320)
      • smBootTime.exe (PID: 3512)
      • svchost.exe (PID: 860)
      • aud.exe (PID: 3420)
      • register.exe (PID: 1484)
      • MonitorDisk.exe (PID: 3988)
      • atud.exe (PID: 3244)
      • aud.exe (PID: 3676)
      • AutoCare.exe (PID: 2088)
    • Loads the Task Scheduler COM API

      • ASCInit.exe (PID: 3356)
      • smBootTime.exe (PID: 1532)
      • smBootTimebase.exe (PID: 612)
      • Setup.exe (PID: 3548)
      • ASC.exe (PID: 1540)
      • smBootTime.exe (PID: 308)
      • iTopVPN.exe (PID: 3424)
      • smBootTime.exe (PID: 3092)
      • smBootTime.exe (PID: 3320)
      • smBootTime.exe (PID: 3512)
    • Steals credentials from Web Browsers

      • ASCService.exe (PID: 2220)
      • PPUninstaller.exe (PID: 3452)
      • ASC.exe (PID: 1540)
      • AutoCare.exe (PID: 2088)
    • Registers / Runs the DLL via REGSVR32.EXE

      • ASCInit.exe (PID: 3356)
    • Changes the autorun value in the registry

      • ASCInit.exe (PID: 3356)
    • Changes settings of System certificates

      • ASCVER.exe (PID: 3008)
    • Connects to CnC server

      • ASC.exe (PID: 1540)
    • Runs injected code in another process

      • icop32.exe (PID: 2264)
    • Application was injected by another process

      • explorer.exe (PID: 292)
  • SUSPICIOUS

    • Drops a file with a compile date too recent

      • chrome.exe (PID: 3852)
      • advanced-systemcare-setup.tmp (PID: 900)
      • advanced-systemcare-setup.tmp (PID: 2500)
      • iTopSetup.tmp (PID: 3772)
    • Executable content was dropped or overwritten

      • chrome.exe (PID: 3852)
      • advanced-systemcare-setup.exe (PID: 316)
      • advanced-systemcare-setup.exe (PID: 1968)
      • advanced-systemcare-setup.tmp (PID: 900)
      • advanced-systemcare-setup.exe (PID: 3268)
      • ASCInit.exe (PID: 3356)
      • advanced-systemcare-setup.tmp (PID: 2500)
      • Monitor.exe (PID: 2232)
      • AutoUpdate.exe (PID: 2876)
      • ActionCenterDownloader.exe (PID: 1696)
      • iTopSetup.exe (PID: 2296)
      • iTopSetup.tmp (PID: 3772)
      • ugin.exe (PID: 2248)
    • Reads the Windows organization settings

      • advanced-systemcare-setup.tmp (PID: 900)
      • advanced-systemcare-setup.tmp (PID: 2500)
      • iTopSetup.tmp (PID: 3772)
      • AutoCare.exe (PID: 2088)
    • Drops a file with too old compile date

      • advanced-systemcare-setup.tmp (PID: 900)
      • advanced-systemcare-setup.tmp (PID: 2500)
      • iTopSetup.tmp (PID: 3772)
    • Reads Windows owner or organization settings

      • advanced-systemcare-setup.tmp (PID: 900)
      • advanced-systemcare-setup.tmp (PID: 2500)
      • iTopSetup.tmp (PID: 3772)
      • AutoCare.exe (PID: 2088)
    • Drops a file that was compiled in debug mode

      • advanced-systemcare-setup.tmp (PID: 900)
      • advanced-systemcare-setup.tmp (PID: 2500)
      • Monitor.exe (PID: 2232)
      • iTopSetup.tmp (PID: 3772)
      • AutoUpdate.exe (PID: 2876)
      • ugin.exe (PID: 2248)
    • Creates files in the program directory

      • Setup.exe (PID: 3548)
      • ASCInit.exe (PID: 3356)
      • smBootTimebase.exe (PID: 612)
      • ASCService.exe (PID: 2220)
      • UninstallInfo.exe (PID: 3172)
      • smBootTime.exe (PID: 1532)
      • PrivacyShield.exe (PID: 3956)
      • Display.exe (PID: 580)
      • ASC.exe (PID: 1540)
      • BrowserProtect.exe (PID: 3432)
      • Monitor.exe (PID: 2232)
      • AutoSweep.exe (PID: 2184)
      • AutoUpdate.exe (PID: 2876)
      • ASCVER.exe (PID: 3008)
      • ActionCenterDownloader.exe (PID: 1696)
      • IObitLiveUpdate.exe (PID: 3312)
      • startupInfo.exe (PID: 2716)
      • AutoCare.exe (PID: 3580)
      • unpr.exe (PID: 2860)
      • ugin.exe (PID: 2248)
      • ugin.exe (PID: 3068)
      • iTopVPN.exe (PID: 3016)
      • aud.exe (PID: 3676)
      • atud.exe (PID: 3244)
      • AutoCare.exe (PID: 2088)
    • Creates files in the user directory

      • advanced-systemcare-setup.tmp (PID: 900)
      • ASCUpgrade.exe (PID: 3376)
      • advanced-systemcare-setup.tmp (PID: 2500)
      • ASCInit.exe (PID: 3356)
      • ASCService.exe (PID: 2220)
      • BrowserCleaner.exe (PID: 2016)
      • PPUninstaller.exe (PID: 3452)
      • ASC.exe (PID: 1540)
      • ASCTray.exe (PID: 3096)
      • iTopVPN.exe (PID: 3016)
      • explorer.exe (PID: 292)
    • Creates a directory in Program Files

      • Setup.exe (PID: 3548)
      • advanced-systemcare-setup.tmp (PID: 2500)
      • ASCInit.exe (PID: 3356)
      • ASCService.exe (PID: 2220)
      • ASC.exe (PID: 1540)
      • AutoUpdate.exe (PID: 2876)
      • iTopSetup.tmp (PID: 3772)
      • atud.exe (PID: 3244)
    • Removes files from Windows directory

      • ASCService.exe (PID: 2220)
      • smBootTimebase.exe (PID: 612)
    • Starts SC.EXE for service management

      • cmd.exe (PID: 3724)
    • Creates files in the Windows directory

      • smBootTimebase.exe (PID: 612)
      • svchost.exe (PID: 860)
      • ASCService.exe (PID: 2220)
      • Monitor.exe (PID: 2232)
      • ASC.exe (PID: 1540)
    • Starts CMD.EXE for commands execution

      • ASCInit.exe (PID: 3356)
      • iTopVPN.exe (PID: 3016)
    • Application launched itself

      • RealTimeProtector.exe (PID: 2912)
    • Searches for installed software

      • ASCService.exe (PID: 2220)
      • PPUninstaller.exe (PID: 3452)
      • smBootTimebase.exe (PID: 612)
      • ASC.exe (PID: 1540)
    • Creates/Modifies COM task schedule object

      • regsvr32.exe (PID: 1548)
    • Executed via COM

      • DllHost.exe (PID: 552)
    • Starts Internet Explorer

      • Setup.exe (PID: 3548)
    • Executed as Windows Service

      • ASCService.exe (PID: 2220)
    • Low-level read access rights to disk partition

      • ASC.exe (PID: 1540)
      • Monitor.exe (PID: 2232)
    • Reads Environment values

      • Monitor.exe (PID: 2232)
    • Adds / modifies Windows certificates

      • ASCVER.exe (PID: 3008)
    • Reads CPU info

      • ASC.exe (PID: 1540)
    • Uses TASKKILL.EXE to kill process

      • iTopSetup.tmp (PID: 3772)
    • Uses NETSH.EXE for network configuration

      • ASC.exe (PID: 1540)
      • AutoCare.exe (PID: 2088)
    • Reads default file associations for system extensions

      • ASC.exe (PID: 1540)
    • Checks for Java to be installed

      • AutoCare.exe (PID: 2088)
    • Reads the time zone

      • AutoCare.exe (PID: 2088)
  • INFO

    • Application launched itself

      • chrome.exe (PID: 3852)
      • iexplore.exe (PID: 1032)
    • Reads the hosts file

      • chrome.exe (PID: 3852)
      • chrome.exe (PID: 3732)
    • Creates files in the user directory

      • chrome.exe (PID: 3852)
      • iexplore.exe (PID: 2400)
    • Application was dropped or rewritten from another process

      • advanced-systemcare-setup.tmp (PID: 2024)
      • advanced-systemcare-setup.tmp (PID: 900)
      • advanced-systemcare-setup.tmp (PID: 2500)
      • ASCUpgrade.exe (PID: 3376)
      • ASCUpgrade.exe (PID: 4036)
      • iTopSetup.tmp (PID: 3772)
      • ugin.exe (PID: 3748)
    • Reads settings of System Certificates

      • chrome.exe (PID: 3852)
      • iexplore.exe (PID: 2400)
    • Loads dropped or rewritten executable

      • advanced-systemcare-setup.tmp (PID: 900)
      • advanced-systemcare-setup.tmp (PID: 2500)
      • iTopSetup.tmp (PID: 3772)
    • Dropped object may contain Bitcoin addresses

      • chrome.exe (PID: 3852)
      • advanced-systemcare-setup.tmp (PID: 2500)
      • AutoUpdate.exe (PID: 2876)
      • ASC.exe (PID: 1540)
      • iTopSetup.tmp (PID: 3772)
      • ugin.exe (PID: 2248)
    • Creates a software uninstall entry

      • advanced-systemcare-setup.tmp (PID: 2500)
      • iTopSetup.tmp (PID: 3772)
    • Creates files in the program directory

      • advanced-systemcare-setup.tmp (PID: 2500)
      • iTopSetup.tmp (PID: 3772)
    • Changes internet zones settings

      • iexplore.exe (PID: 1032)
    • Adds / modifies Windows certificates

      • iexplore.exe (PID: 2400)
    • Changes settings of System certificates

      • iexplore.exe (PID: 2400)
    • Reads internet explorer settings

      • iexplore.exe (PID: 2400)
    • Reads Microsoft Office registry keys

      • ASC.exe (PID: 1540)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
All screenshots are available in the full report
Total processes: 180
Monitored processes: 122
Malicious processes: 45
Suspicious processes: 10

Behavior graph

[Interactive behavior graph, rendered only in the full report: process nodes (chrome.exe, advanced-systemcare-setup.exe / .tmp, setup.exe, ascupgrade.exe, ascinit.exe, ascservice.exe, smboottime.exe, realtimeprotector.exe, asc.exe, monitor.exe, iexplore.exe, itopsetup.exe / .tmp, itopvpn.exe, ugin.exe, icop32.exe, explorer.exe, svchost.exe, cmd.exe, ping.exe, netsh.exe, sc.exe, taskkill.exe, regsvr32.exe and others, several marked "no specs") joined by "drop and start", "start" and "inject" edges.]

Process information

Each record below gives PID, CMD, Path, Indicators and Parent process, followed by the process properties and loaded modules.
PID: 184
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1000,12426329528918344455,4685322435829742928,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=1118783197497257167 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100
Modules (images):
  c:\program files\google\chrome\application\chrome.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\shell32.dll
  c:\windows\system32\shlwapi.dll
  c:\windows\system32\gdi32.dll
PID: 256
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --field-trial-handle=1000,12426329528918344455,4685322435829742928,131072 --enable-features=PasswordImport --lang=en-US --service-sandbox-type=utility --service-request-channel-token=4719677487248526461 --mojo-platform-channel-handle=2956 --ignored=" --type=renderer " /prefetch:8
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100
Modules (images):
  c:\program files\google\chrome\application\chrome.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\shell32.dll
  c:\windows\system32\shlwapi.dll
  c:\windows\system32\gdi32.dll
PID: 272
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1000,12426329528918344455,4685322435829742928,131072 --enable-features=PasswordImport --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=13684961296644607016 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100
Modules (images):
  c:\program files\google\chrome\application\chrome.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\shell32.dll
  c:\windows\system32\shlwapi.dll
  c:\windows\system32\gdi32.dll
PID: 292
CMD: C:\Windows\Explorer.EXE
Path: C:\Windows\explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Explorer
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\windows\system32\winanr.dll
  c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
  c:\windows\system32\mswsock.dll
  c:\windows\system32\wshtcpip.dll
  c:\windows\explorer.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\msvcrt.dll
PID: 308
CMD: "C:\Program Files\IObit\Advanced SystemCare\smBootTime.exe" /AddAutoRun /3 /43003A005C00570069006E0064006F00770073005C00730079007300740065006D00330032005C005400610073006B0073005C004100530043005F0050006500720066006F0072006D0061006E00630065004D006F006E00690074006F007200
Path: C:\Program Files\IObit\Advanced SystemCare\smBootTime.exe
Parent process: ASCService.exe
User: admin
Company: IObit
Integrity Level: HIGH
Description: Startup Boot Time
Exit code: 0
Version: 14.1.0.393
Modules (images):
  c:\program files\iobit\advanced systemcare\smboottime.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\program files\iobit\advanced systemcare\rtl120.bpl
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\ole32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
PID: 316
CMD: "C:\Users\admin\Downloads\advanced-systemcare-setup.exe"
Path: C:\Users\admin\Downloads\advanced-systemcare-setup.exe
Parent process: chrome.exe
User: admin
Company: IObit
Integrity Level: MEDIUM
Description: Advanced SystemCare
Exit code: 0
Version: 14.1.0.208
Modules (images):
  c:\users\admin\downloads\advanced-systemcare-setup.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\ole32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
PID: 340
CMD: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1000,12426329528918344455,4685322435829742928,131072 --enable-features=PasswordImport --disable-gpu-compositing --lang=en-US --enable-offline-auto-reload --enable-offline-auto-reload-visible-only --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --service-request-channel-token=16504610579773530325 --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=920 /prefetch:1
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Parent process: chrome.exe
User: admin
Company: Google LLC
Integrity Level: LOW
Description: Google Chrome
Exit code: 0
Version: 75.0.3770.100
Modules (images):
  c:\program files\google\chrome\application\chrome.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\program files\google\chrome\application\75.0.3770.100\chrome_elf.dll
  c:\windows\system32\version.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\shell32.dll
  c:\windows\system32\shlwapi.dll
  c:\windows\system32\gdi32.dll
PID: 552
CMD: C:\Windows\system32\DllHost.exe /Processid:{F32D97DF-E3E5-4CB9-9E3E-0EB5B4E49801}
Path: C:\Windows\system32\DllHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: COM Surrogate
Exit code: 0
Version: 6.1.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\windows\system32\dllhost.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\ole32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
PID: 580
CMD: "C:\Program Files\IObit\Advanced SystemCare\Display.exe" /service
Path: C:\Program Files\IObit\Advanced SystemCare\Display.exe
Parent process: ASCService.exe
User: admin
Company: IObit
Integrity Level: HIGH
Description: Display
Exit code: 0
Version: 14.0.0.154
Modules (images):
  c:\program files\iobit\advanced systemcare\display.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\program files\iobit\advanced systemcare\rtl120.bpl
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\ole32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
PID: 612
CMD: "C:\Program Files\IObit\Advanced SystemCare\smBootTimebase.exe" /boottime
Path: C:\Program Files\IObit\Advanced SystemCare\smBootTimebase.exe
Parent process: ASCService.exe
User: SYSTEM
Company: IObit
Integrity Level: SYSTEM
Description: Startup Information
Exit code: 0
Version: 1.0.0.0
Modules (images):
  c:\program files\iobit\advanced systemcare\smboottimebase.exe
  c:\systemroot\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\oleaut32.dll
  c:\windows\system32\ole32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
Total events: 22 783
Read events: 21 193
Write events: 1 536
Delete events: 54

Modification events

(PID) Process: (3852) chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | Operation: write | Name: failed_count | Value: 0
(PID) Process: (3852) chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | Operation: write | Name: state | Value: 2
(PID) Process: (3852) chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | Operation: write | Name: StatusCodes | Value: (empty)
(PID) Process: (3852) chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\ThirdParty | Operation: write | Name: StatusCodes | Value: 01000000
(PID) Process: (3852) chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\BLBeacon | Operation: write | Name: state | Value: 1
(PID) Process: (4092) chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | Operation: write | Name: 3852-13254765273936000 | Value: 259
(PID) Process: (3852) chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Update\ClientState\{8A69D345-D564-463c-AFF1-A69D9E530F96} | Operation: write | Name: dr | Value: 1
(PID) Process: (3852) chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome | Operation: write | Name: UsageStatsInSample | Value: 0
(PID) Process: (3852) chrome.exe | Key: HKEY_CURRENT_USER\Software\Google\Chrome\BrowserExitCodes | Operation: delete value | Name: 3252-13245750958665039 | Value: 0
(PID) Process: (3852) chrome.exe | Key: HKEY_LOCAL_MACHINE\SOFTWARE\Google\Update\ClientStateMedium\{8A69D345-D564-463C-AFF1-A69D9E530F96} | Operation: write | Name: usagestats | Value: 0
Executable files: 180
Suspicious files: 217
Text files: 2 306
Unknown types: 75

Dropped files

PID | Process | Filename | Type ("-" = no type recorded; the MD5 and SHA256 fields are blank for every entry in this excerpt)
3852 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-5FFB19DA-F0C.pma | -
3852 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old | -
3852 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\79ffb552-045a-499f-b240-12f09da76cf5.tmp | -
3852 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000048.dbtmp | -
3852 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.old | text
3852 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.old~RF259de.TMP | text
860 | svchost.exe | C:\Windows\appcompat\programs\RecentFileCache.bcf | txt
3852 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOG.old~RF25a3b.TMP | text
3852 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOG.old~RF25a8a.TMP | text
3852 | chrome.exe | C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOG.old | -
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 91
TCP/UDP connections: 236
DNS requests: 112
Threats: 83

HTTP requests

PID | Process | Method | HTTP Code | IP | URL | CN | Reputation ("-" = no code recorded; the Type and Size columns are empty for every row in this excerpt)
3732 | chrome.exe | GET | 301 | 152.195.53.24:80 | http://www.iobit.com/?AFF=96594&__c=1 | US | whitelisted
3732 | chrome.exe | GET | 301 | 151.101.13.188:80 | http://download.cnet.com/Advanced-SystemCare-Free/3000-2086_4-10407614.html?part=dl-&subj=dl&tag=button | US | whitelisted
3732 | chrome.exe | GET | 301 | 152.195.53.24:80 | http://www.iobit.com/en/index.php?AFF=96594&__c=1 | US | whitelisted
3548 | Setup.exe | GET | - | 152.199.20.140:80 | http://update.iobit.com/infofiles/installer/freewaret.upt | US | whitelisted
3172 | UninstallInfo.exe | GET | - | 52.3.174.214:80 | http://stats.iobit.com/install.php?operate=1&user=1&app=asc14&ver=14.1.0.208&pr=iobit&system=61&type=1&lang=en-US&geo=1033&insur=other | US | suspicious
2400 | iexplore.exe | GET | - | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAo1CNVcKSsBffitZcAP9%2BQ%3D | US | whitelisted
2400 | iexplore.exe | GET | - | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAo1CNVcKSsBffitZcAP9%2BQ%3D | US | whitelisted
2400 | iexplore.exe | GET | - | 93.184.220.29:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTk45WiKdPUwcMf8JgMC07ACYqr2AQUt2ui6qiqhIx56rTaD5iyxZV2ufQCEAcFIWb8lnJroJk876L0njY%3D | US | whitelisted
2400 | iexplore.exe | GET | - | 172.217.23.99:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | whitelisted
2400 | iexplore.exe | GET | - | 172.217.23.99:80 | http://ocsp.pki.goog/gsr2/ME4wTDBKMEgwRjAJBgUrDgMCGgUABBTgXIsxbvr2lBkPpoIEVRE6gHlCnAQUm%2BIHV2ccHsBqBt5ZtJot39wZhi4CDQHjtJqhjYqpgSVpULg%3D | US | whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3732 | chrome.exe | 216.58.210.13:443 | accounts.google.com | Google Inc. | US | whitelisted
3732 | chrome.exe | 172.217.22.35:443 | ssl.gstatic.com | Google Inc. | US | whitelisted
3732 | chrome.exe | 54.235.251.167:443 | iobit.com | Amazon.com, Inc. | US | unknown
3732 | chrome.exe | 172.217.18.3:443 | www.google.com.ua | Google Inc. | US | whitelisted
3732 | chrome.exe | 216.58.208.42:443 | fonts.googleapis.com | Google Inc. | US | whitelisted
3732 | chrome.exe | 173.194.192.138:443 | apis.google.com | Google Inc. | US | unknown
3732 | chrome.exe | 172.217.22.67:443 | fonts.gstatic.com | Google Inc. | US | whitelisted
3732 | chrome.exe | 216.58.212.131:443 | www.gstatic.com | Google Inc. | US | whitelisted
3732 | chrome.exe | 216.58.208.46:443 | ogs.google.com.ua | Google Inc. | US | whitelisted
3732 | chrome.exe | 172.217.21.206:443 | encrypted-tbn0.gstatic.com | Google Inc. | US | whitelisted

DNS requests

Domain | IP(s) | Reputation
iobit.com | 54.235.251.167 | unknown
accounts.google.com | 216.58.210.13 | shared
ssl.gstatic.com | 172.217.22.35 | whitelisted
www.google.com.ua | 172.217.18.3 | whitelisted
fonts.googleapis.com | 216.58.208.42, 74.125.124.95 | whitelisted
www.gstatic.com | 216.58.212.131 | whitelisted
fonts.gstatic.com | 172.217.22.67 | whitelisted
apis.google.com | 173.194.192.138, 173.194.192.100, 173.194.192.139, 173.194.192.113, 173.194.192.102, 173.194.192.101 | whitelisted
ogs.google.com.ua | 216.58.208.46 | whitelisted
encrypted-tbn0.gstatic.com | 172.217.21.206 | whitelisted

Threats

PID | Process | Class | Message
3548 | Setup.exe | Potentially Bad Traffic | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
3548 | Setup.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.AdvancedSystemCare
3548 | Setup.exe | Potentially Bad Traffic | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
3172 | UninstallInfo.exe | Misc activity | ADWARE [PTsecurity] PUP.Optional.AdvancedSystemCare
1540 | ASC.exe | Potentially Bad Traffic | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
1540 | ASC.exe | Potentially Bad Traffic | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
1540 | ASC.exe | Potentially Bad Traffic | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
2876 | AutoUpdate.exe | Potentially Bad Traffic | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
2876 | AutoUpdate.exe | Potentially Bad Traffic | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
2876 | AutoUpdate.exe | Potentially Bad Traffic | ET INFO Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
Process | Message
Setup.exe | ************** Win32MinorVersion: 1
Setup.exe | C:\Users\admin\AppData\Roaming\IObit\Advanced SystemCare\
Setup.exe | ********** FLanguageName: English
Setup.exe | CheckDiskSpace: 1
Setup.exe | CheckDiskSpace: 1
Setup.exe | CheckDiskSpace: 2
Setup.exe | CheckDiskSpace: 3
Setup.exe | CheckDiskSpace: 4
Setup.exe | CheckDiskSpace: 5
Setup.exe | GetDownloadPath: 3